Privacy Policy

Last updated: January 14, 2026

Introduction

Welcome to Flusso. We are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

At Flusso, we build our privacy practices on the principle of Contextual Integrity, a framework developed by Professor Helen Nissenbaum. This means we don't just protect your data—we ensure it flows appropriately based on context.

Information We Collect

We collect information in several ways:

Information You Provide

  • Account Information: Name, email address, phone number, and organization details when you create an account.
  • Profile Information: Healthcare role, specialization, and preferences.
  • Health Information: Protected Health Information (PHI) that you choose to share through our platform.
  • Communications: Messages, files, and other content you send through our platform.

Information Collected Automatically

  • Device Information: Device type, operating system, and unique device identifiers.
  • Usage Data: How you interact with our services, including pages visited and features used.
  • Log Data: IP address, browser type, and access times.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Enable secure communication between healthcare parties
  • Process clinical trial participation and data collection
  • Send important service updates and security alerts
  • Analyze usage patterns to improve user experience
  • Comply with legal obligations and healthcare regulations

Contextual Integrity Framework

Flusso implements Contextual Integrity (CI) as the foundation of our privacy framework. This means:

  • Context-Appropriate Flows: Information is only shared in ways that are appropriate for the context in which it was originally provided.
  • Transmission Principles: We define and enforce rules about who can send and receive information based on their roles.
  • Norm Preservation: We respect the existing norms of healthcare communication and patient expectations.
  • Transparency: We clearly communicate how information flows between different parties.

Data Sharing and Disclosure

We may share your information in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information with third parties.
  • Healthcare Providers: With providers involved in your care, as appropriate for treatment.
  • Research Partners: With research institutions, only with your explicit consent and in compliance with IRB approvals.
  • Service Providers: With vendors who help us operate our services, under strict confidentiality agreements.
  • Legal Requirements: When required by law or to protect our rights and safety.

Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • End-to-End Encryption: Messages are encrypted from sender to recipient.
  • Access Controls: Role-based access controls limit who can view information.
  • Audit Logging: All access to PHI is logged and monitored.
  • Regular Audits: We conduct regular security assessments and penetration testing.

Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal requirements.
  • Portability: Receive your data in a portable format.
  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to processing of your information for certain purposes.

HIPAA Compliance

Flusso is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA). We:

  • Enter into Business Associate Agreements (BAAs) with covered entities
  • Implement required administrative, physical, and technical safeguards
  • Maintain minimum necessary standards for PHI access
  • Provide breach notification as required by law
  • Train our workforce on HIPAA requirements

Cookies

We use cookies and similar technologies to enhance your experience on our website.

Analytics

We use Plausible Analytics, a privacy-focused analytics service that does not use cookies or collect personal data. Plausible provides aggregate statistics about website usage without tracking individual visitors.

Third-Party Services

Our contact forms are powered by HubSpot, which may set cookies to enable form functionality and improve user experience. These cookies help us understand how visitors interact with our forms and may be used for marketing purposes if you submit a form.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, blocking cookies may affect the functionality of certain features on our website.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at: